Privacy Policy

1. Introduction & Scope

17875444 CANADA Inc., carrying on business as CorvusReady. ("CorvusReady," “we,” “us,” or “the Agency”) provides automated infrastructure and AI integration for legal professionals. This policy outlines how we collect, use, and protect information in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec’s Law 25, and the California Consumer Privacy Act (CCPA/CPRA).

This policy applies to: (a) legal professionals and law firms who engage us as clients; (b) members of the public who submit information through intake forms or AI-assisted tools deployed as part of our infrastructure; and (c) visitors to corvusready.com.

2. Information We Collect

2.1 From Legal Professionals (Our Direct Clients)

We collect information necessary to perform systems audits and deploy AI infrastructure, including:

• Direct Identity: Name, firm name, and Law Society bar number.
• Communications: Data provided via our contact forms, including practice area and current software stack.
• Technical Data: IP addresses, browser type, and engagement metrics via our performance dashboards.
• Firm Metadata: When performing an audit, metadata regarding lead volume and administrative friction points.

2.2 From Members of the Public (End-Consumer Intake Forms)

When a law firm client deploys CorvusReady-powered intake forms or AI tools on their own website or platform, members of the public may submit personal information including name, contact details, matter description, and other intake-relevant data. In this context:

• The law firm is the primary data controller for that personal information.
• CorvusReady acts as a data processor, processing such information solely on behalf of and under the instruction of the law firm.
• Members of the public submitting intake information should also refer to the applicable law firm’s own privacy policy for how their data is used, retained, and disclosed post-intake.

2.3 Form Submission Technical Data

When any form is submitted through our infrastructure, our CRM and workflow automation platform automatically collects certain technical metadata, including IP address, submission timestamp, browser type, and device information. This data is used for security, fraud prevention, and system performance purposes.

3. How We Use Information

Personal information collected through our platform is used only for the purposes for which it was collected, including:

• Delivering and improving CorvusReady’s services to legal professionals.
• Routing and organizing intake submissions on behalf of law firm clients.
• Automated processing and AI-assisted triage of intake data (see Section 4 below).
• Security monitoring, fraud prevention, and system diagnostics.
• Communicating with our clients and responding to inquiries.

4. AI & Automated Decision Making

In accordance with Law 25 (Quebec) and PIPEDA, we disclose that our infrastructure uses automated processing to:

• Flag intake submissions where opposing party names or matter types match criteria configured by the law firm, for the purpose of assisting the firm's own conflict screening workflow.
• Categorize and route firm leads based on criteria defined by the law firm client.
• Generate intake summaries and flag priority matters using large language model (LLM) technology.

You have the right to request information about the logic used in any automated decision that affects you, and to request human review of that decision. To exercise this right, contact our Privacy Officer (see Section 11).

5. Webchat, Chatbot & Voice AI

5.1 Consent Before Interaction

Prior to any AI-assisted chat or voice intake interaction, users are presented with a clear consent prompt. Proceeding with the interaction constitutes meaningful consent under PIPEDA. Users may withdraw consent at any time, at which point the interaction will end and no further personal information will be collected through that session.

5.2 Recording & Transcription

Voice AI interactions may be recorded and/or transcribed for the purposes of intake routing, quality assurance, and system improvement. Users are notified of this prior to the commencement of any voice session. Chat interactions may be logged for the same purposes.

5.3 Retention of Interaction Data

Webchat and voice session logs are retained for a maximum of 90 days for quality assurance purposes, after which they are securely deleted unless required to be retained for a longer period by law or by the instructions of the law firm client.

6. Third-Party Sub-Processors & Platform Data

Our services are delivered in part through third-party technology platforms, including a CRM and workflow automation platform, AI inference providers, and email delivery services. These sub-processors may process personal information on our behalf. We maintain data processing agreements with all sub-processors to ensure appropriate safeguards are in place.

Categories of sub-processors we engage include:

• CRM & workflow automation (form processing, pipeline management, automated follow-up)
• AI inference & language model providers (intake analysis, chat, voice)
• Email and SMS delivery services
• Analytics and performance monitoring

A full list of sub-processors is available upon written request to our Privacy Officer.

7. Data Residency & Cross-Border Transfers

We recognize the importance of data residency for Canadian legal professionals. Where possible, we prioritize data storage on Canadian-based servers. If data must cross international borders for processing (e.g., via specialized US-based AI inference models), it is protected by AES-256 encryption and standard contractual clauses (SCCs).

By using our services, you acknowledge that certain processing operations may occur on infrastructure located outside Canada, and consent to such transfers where they are necessary to deliver the service.

8. Cookies & Tracking on Embedded Forms

Forms and tools embedded on law firm client websites may collect technical metadata including cookies, session identifiers, IP address, and browser fingerprint data. This data is collected automatically by our infrastructure and is used only for security, fraud prevention, and performance purposes. It is not used for advertising or sold to third parties.

Users may manage cookie preferences through their browser settings. Note that disabling certain technical cookies may affect form functionality.

9. Data Retention

We retain personal information only as long as necessary for the purpose for which it was collected, or as required by law. General retention periods are as follows:

• Law firm client account data: Duration of the engagement plus 7 years.
• Intake form submissions (end-consumer data): As directed by the law firm client, and no longer than 2 years absent instructions.
• Voice and chat session logs: 90 days.
• Technical/system logs: 12 months.

Upon request, we will provide written confirmation of deletion of your data.

11. Security Infrastructure

We employ enterprise-grade security including multi-factor authentication (MFA), AES-256 encryption at rest and in transit, regular penetration testing, and Privacy by Design principles. We do not sell personal information to third-party data brokers.

In the event of a privacy breach that poses a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada (OPC) in accordance with PIPEDA breach notification requirements.

12. Law 25 (Quebec) Compliance

In addition to PIPEDA obligations, we comply with Quebec’s Act respecting the protection of personal information in the private sector (Law 25). This includes:

• Conducting Privacy Impact Assessments (PIAs) prior to deploying new technologies that collect personal information.
• Publishing this privacy policy in a clear and accessible manner.
• Disclosing the use of automated decision-making technology and providing the right to request human review.
• Maintaining a register of confidentiality incidents.

13. Contact our Privacy Officer

For inquiries regarding data protection, to exercise your rights under PIPEDA or Law 25, or to request our sub-processor list, contact:

We will respond to all privacy inquiries within 30 days.